Page 1 of 2 12 LastLast
Results 1 to 15 of 17
  1. #1
    5 Star Lounger
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    1,070
    Thanks
    42
    Thanked 132 Times in 86 Posts

    Shedding some light on security-cert warnings




    ON SECURITY


    Shedding some light on security-cert warnings


    By Susan Bradley

    On a daily basis we are bombarded with confusing error messages that can lead to making bad decisions about our online security.

    Whether from Java, EMET, our browsers, or some other source, here's what you should know about the warnings.

    The full text of this column is posted at http://windowssecrets.com/on-securit...cert-warnings/ (opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

  2. #2
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,482
    Thanks
    176
    Thanked 152 Times in 129 Posts
    For example, in early January, Yahoo banner ads were infected with code that injected Java-exploiting malware. The malicious ads were served up by Yahoo’s own service: ads.yahoo.com, as reported in a ZDNet blog.
    And still Yahoo wonders why users are using ad-blocking Extensions like NoScript??
    -- Bob Primak --

  3. #3
    Lounger
    Join Date
    Jul 2011
    Location
    Pacific NW
    Posts
    30
    Thanks
    4
    Thanked 1 Time in 1 Post
    Good article Susan, only wish that there were better recommendations! Until we see real penalties given to companies that show blatant ignorance on implementing security deeply into their services, we likely will continue to be the end of the whip. I take no solace that someone like Larry Ellison or his personal fiefdom that is called Oracle, is going to give us better security. After a great deal of talking to our local newly elected House of Representatives member, he, just this week, announced that he was going to focus on Cybersecurity as a primary goal of legislation, thinking that he may be able to forge some kind of alliances with the other side of the House to get bills done to fix many of the issues.

  4. #4
    New Lounger
    Join Date
    Dec 2009
    Location
    Eagle, Idaho
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    After reading your comments regarding Java security I am wondering what the consequences if any there are to uninstalling the Java 64-bit version. I do have both installed and I can't get to the Java control panel.

  5. #5
    Star Lounger
    Join Date
    Dec 2009
    Location
    California
    Posts
    50
    Thanks
    26
    Thanked 1 Time in 1 Post
    Quote Originally Posted by sfcbennett View Post
    After reading your comments regarding Java security I am wondering what the consequences if any there are to uninstalling the Java 64-bit version. I do have both installed and I can't get to the Java control panel.
    I have been running Win 7 Pro for a few years, and about two years ago I completely UNinstalled every bit, every trace of Java from my PC. To my surprise, I have never encountered any need for it since. (Of course I am not talking about Javascript - that is useful). So unless you know for a fact that you are using some website that absolutely requires Java, go ahead and uninstall; you might be pleasantly surprised if it is not missed. You can always reinstall the newest version if you need it.

  6. #6
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,607
    Thanks
    147
    Thanked 869 Times in 831 Posts
    Quote Originally Posted by sfcbennett View Post
    After reading your comments regarding Java security I am wondering what the consequences if any there are to uninstalling the Java 64-bit version. I do have both installed and I can't get to the Java control panel.
    If you don't use a 64 bit browser then you don't need that version, but normally you just right click on the coffee cup in All Control Panel Items and select Open.

    If that doesn't do it then go Start - type java then right click on it (under Control Panel) and select Open.

    From there under the Security tab you can uncheck the box to Enable Java content in browsers should you want to keep java installed, but not active as to allow any exploits.

    Java.com have just released v7 u55 but Oracle had released a v8.0 which also has recently received an update
    Last edited by Sudo15; 2014-04-19 at 10:14.

  7. #7
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,482
    Thanks
    176
    Thanked 152 Times in 129 Posts
    Quote Originally Posted by alf hanna View Post
    Good article Susan, only wish that there were better recommendations! Until we see real penalties given to companies that show blatant ignorance on implementing security deeply into their services, we likely will continue to be the end of the whip. I take no solace that someone like Larry Ellison or his personal fiefdom that is called Oracle, is going to give us better security. After a great deal of talking to our local newly elected House of Representatives member, he, just this week, announced that he was going to focus on Cybersecurity as a primary goal of legislation, thinking that he may be able to forge some kind of alliances with the other side of the House to get bills done to fix many of the issues.
    Please, PLEASE don't let Government get involved in Internet security!!

    Look what a mess they've made of the Health Care rollout. And Net Neutrality. And Internet Censorship (under the guise of protecting children). So now you want these clods to mess with Internet security??
    -- Bob Primak --

  8. #8
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,482
    Thanks
    176
    Thanked 152 Times in 129 Posts
    FWIW when I have installed 64-bit and 32-bit Java on my Toshiba Satellite laptop, I have had full access to both Control Panels. I did separate installations, starting with the 64-bit Update, followed by installing the 32-bit Update. If my next round of Java Runtime Updates behaves any differently, I will post back.

    I update according to the recommendations of the SUMo Lite (no spyware) updates checker, and my downloads are directly from the Oracle download page. I am on JRE Version 8. I use Java Runtime primarily to power certain features of LibreOffice. A few Web Apps also use my Java. My browsers are 32-bits.
    -- Bob Primak --

  9. #9
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,607
    Thanks
    147
    Thanked 869 Times in 831 Posts
    I only get my updates from www.java.com which says the recommended version (at the moment) is v7 u55.

    In the v8 article on there, it gave some doubt as to whether all apps would work with v8 and as yet have to see anything to say which version to use.

    There is also just a couple of websites for me that I occasionally use which require Java and until then, it remains deactivated in browsers.

    When I have both versions installed, I only have one coffee cup in All Control Panel Items with the control panel being universal, so not sure what you mean by "both Control Panels".

  10. #10
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,482
    Thanks
    176
    Thanked 152 Times in 129 Posts
    Quote Originally Posted by Sudo15 View Post
    I only get my updates from www.java.com which says the recommended version (at the moment) is v7 u55.

    In the v8 article on there, it gave some doubt as to whether all apps would work with v8 and as yet have to see anything to say which version to use.

    There is also just a couple of websites for me that I occasionally use which require Java and until then, it remains deactivated in browsers.

    When I have both versions installed, I only have one coffee cup in All Control Panel Items with the control panel being universal, so not sure what you mean by "both Control Panels".
    Corrrect about v.8 being Beta or pre-release. LibreOffice doesn't seem to mind, but YMMV. I can access through Programs itrems, both a 32-bit Control Panel and a 64-bit Control Panel. They can have most options set independently of each other.
    -- Bob Primak --

  11. #11
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,607
    Thanks
    147
    Thanked 869 Times in 831 Posts
    I had this clarified by contacting Java and their response was that v8.0 (which has since had an update) is so far only for developers of programs and for them to report any bugs.

    When Java have a bug free version, they will have it on www.java.com for general release and until then, you should use v7 u55 as the recommended version.

    The only option I get when I click or right click on the versions in appwiz.cpl is to Uninstall.

  12. #12
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,482
    Thanks
    176
    Thanked 152 Times in 129 Posts
    Quote Originally Posted by Sudo15 View Post
    I had this clarified by contacting Java and their response was that v8.0 (which has since had an update) is so far only for developers of programs and for them to report any bugs.

    When Java have a bug free version, they will have it on www.java.com for general release and until then, you should use v7 u55 as the recommended version.

    The only option I get when I click or right click on the versions in appwiz.cpl is to Uninstall.
    I haven't had problems with Java JRE 8. But I don't do a lot with it. So, as I said, your mileage may vary. And your experience of having or not having a v.8 and a v.7 Control Panel available may also vary, especially depending on how and from which source your JRE or Java SE may have been installed.

    While it is Beta, JRE 8 is definitely not only for developers. JDK is still in v.7. I have that on my Linux, so as to eventually be able to image and reflash any Android Tablet I may buy in the next year or so, provided the device has full Root Access.
    Last edited by bobprimak; 2014-05-08 at 09:05.
    -- Bob Primak --

  13. #13
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,607
    Thanks
    147
    Thanked 869 Times in 831 Posts
    I only ever update the recommended version from www.java.com and would go by the advice I received from Java, but I'm always wary of Betas anyway.

  14. #14
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,482
    Thanks
    176
    Thanked 152 Times in 129 Posts
    Quote Originally Posted by Sudo15 View Post
    I only ever update the recommended version from www.java.com and would go by the advice I received from Java, but I'm always wary of Betas anyway.
    Upon reflection I decided you were right. I removed all unused Flash Updates, and reverted my Windows 7 setup to only use JRE 7 update 55, 32-bits only, because LibreOffice might want to use it for some things. Java is not enabled in any of my browsers.
    -- Bob Primak --

  15. #15
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    6,792
    Thanks
    117
    Thanked 798 Times in 719 Posts
    I have Java enabled in all of my browsers and haven't been attacked once. I believe that Java is much more secure than it used too be as it now white lists all Java apps before they run. If you don't use any browser Java apps, there's no reason to have it installed. But if you want to run any Java apps (I have several puzzle games I run on a regular basis) there's no longer any reason to panic about having Java enabled in your browser in my opinion.

    Jerry

  16. The Following User Says Thank You to jwitalka For This Useful Post:

    bobprimak (2014-05-19)

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •